Proprietary Insecurity

Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; that is the
basic injustice. The developers often exercise that power to the
detriment of the users they ought to serve.

This page lists clearly established cases of insecurity in
proprietary software that has grave consequences or is otherwise
noteworthy.

It would be incorrect to compare proprietary software with a
fictitious idea of free software as perfect. Every nontrivial program
has bugs, and any system, free or proprietary, may have security
holes. That in itself is not culpable. But proprietary software
developers frequently disregard gaping holes, or even introduce them
deliberately, and the users are helpless to fix them.

That's easy to do because the system has no authentication when
accessed through the modem. However, even if it asked for
authentication, you couldn't be confident that Nissan has no
access. The software in the car is
proprietary, which
means it demands blind faith from its users.

Even if no one connects to the car remotely, the cell phone modem
enables the phone company to track the car's movements all the time;
it is possible to physically remove the cell phone modem though.

A camera that records locally on physical media, and has no network
connection, does not threaten people with surveillance—neither by
watching people through the camera, nor through malware in the camera.

FitBit fitness trackers
have a Bluetooth vulnerability that allows
attackers to send malware to the devices, which can subsequently spread
to computers and other FitBit trackers that interact with them.

“Self-encrypting” disk drives do the encryption with proprietary
firmware so you can't trust it. Western Digital's “My Passport”
drives
have a back door.

An app to prevent “identity theft” (access to personal data)
by storing users' data on a special server
was
deactivated by its developer which had discovered a security flaw.

That developer seems to be conscientious about protecting personal
data from third parties in general, but it can't protect that data
from the state. Quite the contrary: confiding your data to someone
else's server, if not first encrypted by you with free software,
undermines your rights.

We don't call this a “back door” because it is normal
that you can install a new system in a computer given physical access
to it. However, memory sticks and cards should not be modifiable in
this way.